LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-18-2013, 06:54 PM   #1
neodaemon
LQ Newbie
 
Registered: Oct 2005
Posts: 18

Rep: Reputation: 1
How can I tell if my php is vulnerable to CVE-2011-3268


2.6.32-358.23.2.el6.i686
Centos 6.4 x64
PHP 5.3.3
httpd.i686 2.2.15-29.el6.centos

I have ran yum update several times - I am 100% up to date as far as the standard repos are concerned. I am aware that CentOS / RHEL releases backport security fixes for software packages - such as Apache and PHP. I am also aware that the nature of these backport fixes do not necessarily increment the PHP and Apache reported versions. That's perfectly understandable.

But there is a particular vulnerability that a PCI scan has identified on my web server: CVE-2011-3268
I know that PHP itself has addressed and patched this vulnerability. I need help determining the following three items:

1. How can I search CentOS / RHEL resources and discover when and what version of PHP or Apache was patched from vulnerability CVE-2011-xxxx?
2. Is it true as suggested here: https://bugzilla.redhat.com/show_bug.cgi?id=733744 -that CVE-2011-3268 DOES NOT EXIST in the versions of PHP that exist in the repositories of RHEL 4,5, or 6? I'm not sure I'm reading that correctly.
3. I looked in my own change log (i.e. rpm -q --changelog php) and see no mention of CVE-2011-3268. Does this mean it isn't patched, or does it mean the vulnerability does not exist?

Thank you very kindly.
-neodaemon
 
Old 10-19-2013, 02:50 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,990
Blog Entries: 54

Rep: Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743
Quote:
Originally Posted by neodaemon View Post
there is a particular vulnerability that a PCI scan has identified on my web server: CVE-2011-3268
I know that PHP itself has addressed and patched this vulnerability.
Then the method of the scan may be questionable. I've seen lots of companies just add any vulns to their report ad verbum and without determining if it is a false positive or not.


Quote:
Originally Posted by neodaemon View Post
How can I search CentOS / RHEL resources and discover when and what version of PHP or Apache was patched from vulnerability CVE-2011-xxxx?
Prefix your CVE number with https://access.redhat.com/security/cve/: https://access.redhat.com/security/cve/CVE-2011-3268


Quote:
Originally Posted by neodaemon View Post
Is it true as suggested here: https://bugzilla.redhat.com/show_bug.cgi?id=733744 -that CVE-2011-3268 DOES NOT EXIST in the versions of PHP that exist in the repositories of RHEL 4,5, or 6? I'm not sure I'm reading that correctly.
Yes, you read that correctly. Also note the person writing the statement, Huzaifa S. Sidhpurwala (huzaifas.at.redhat.com), is a Security Engineer at Red Hat.


Quote:
Originally Posted by neodaemon View Post
I looked in my own change log (i.e. rpm -q --changelog php) and see no mention of CVE-2011-3268. Does this mean it isn't patched, or does it mean the vulnerability does not exist?
The RHEL statement on the CVE page reads "Not vulnerable." which is clear and does not invite or warrant interpretation.
 
Old 10-19-2013, 04:10 AM   #3
neodaemon
LQ Newbie
 
Registered: Oct 2005
Posts: 18

Original Poster
Rep: Reputation: 1
Understood. Thank you very much for the reply unSpawn.
 
Old 10-19-2013, 04:23 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,990
Blog Entries: 54

Rep: Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743
You're welcome.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] [Slackware-current]: glibc 2.17; CVE-2013-4332 mancha Slackware 12 11-11-2013 03:08 PM
Best practices when a cve alert is issued for software on your machine YankeePride13 Linux - Server 2 08-14-2013 02:54 PM
CVE Calculator? like daysofrisk.pl kevinyeandel Linux - Security 0 09-03-2012 09:05 AM
Exploit CVE-2010-3081 _root_ Red Hat 5 09-22-2010 11:34 PM
Patch of vulnerability CVE:2007-5001 nnetala Linux - Newbie 0 06-26-2008 03:27 AM


All times are GMT -5. The time now is 11:34 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration